19 votes

Riot’s Vanguard comes to League

31 comments

  1. [6]
    DefiantEmbassy
    I find it particularly interesting when people panic over personal information being stolen, because frankly, most usermode software (i.e. League without the kernel driver) can already harvest enough information to cause most people harm. Keyloggers, clipboard thievery, stealing sessions from browsers? No problem! Installing software on your computer in non-sandboxed environments (your phone is a sandboxed environment, for example) just comes with an inherent risk that it might do naughty things.

    Either way - I play Counter-Strike, the most popular live service game without a kernel level anti-cheat... and it fucking sucks. Too many goddamn cheaters making games just throwaway experiences, and for all of the publicity Valve got over their machine learning anti-cheating efforts, it ultimately culminated in people getting banned for spinning their mouse in a circle, while cheaters roam free.

    Valve's official tournaments use third-party anti-cheating solutions because the official one is so incapable.

    Without FACEIT (who implement similar anti-cheating and tampering solutions like Riot’s Vanguard for Counter-Strike), Counter-Strike would be doomed at the top level. Doomed.

    > Hopefully one day soon, the platforms our games run on will offer developers the security features required to prevent cheating without necessitating extracurricular software.

    I do hope so too. Online cheating is a scourge, and having each game build and install advanced anti-tampering and anti-cheating mechanisms is a drag.

    (I wonder if this will end up being a case where consoles have proper M+K support and make distribution of titles easier, thus making them the de facto trusted environment - albeit, I know Ubi still needed to build Cronus detection.)

    11 votes
    1. [4]
      Crestwave
      From what I've seen, most of the criticisms revolving around Vanguard aren't necessarily that it's kernel-level*, but that 1) it loads the driver on boot; 2) it does not support Linux; 3) it uses TPM 2.0; and 4) it is/was significantly more invasive than other anti-cheats.

      The article does address some of these points, but not necessarily to a satisfactory level. For example, it says that it is not running all the time because it doesn't make network requests unless a Riot game is running. But while I'm sure that it has plenty of security measures to keep itself safe, it seems to me that it would still theoretically be possible for it to be compromised by an attack or to crash your computer from a buggy update.

      The article also mentions that there were only 800 Linux users yesterday. This seems a bit disingenuous, given that they apparently announced the Vanguard implementation months back and thus, nearly everyone would have already dropped it by then. Although it's probably still a pretty small community compared to their total player base at full size.

      Their response for TPM 2.0 makes sense, since W11 apparently soft-requires it and considers TPM-less installations to be in an unsupported state. Still, it's a privacy issue that some people are understandably worried about.

      Finally, while I haven't been keeping up with the latest news, Vanguard has gone under fire before for straight-up preventing people from running applications like Core Temp, without any notification or warning. This source mentions that Riot has shifted their mitigation strategy to prevent this from happening again, but it's completely understandable to me for people to be wary when it has a history of invasive, always-on procedures just to play a game.

      The article isn't necessarily encouraging, either:

      > They used cheating software for another game, and Vanguard unfortunately picked it up.
      > With hardware-level cheating, we can't always tell which game you intended to cheat on, so it's our firm recommendation that you just not cheat on any game.

      Does this mean that you could get banned for "cheating" on a single-player game while Riot games aren't running? What if you're using debuggers for development? Does that count as "cheating software"?

      * I believe EAC/BattlEye are kernel-level and do not have the other issues I mentioned.

      10 votes
      1. DefiantEmbassy
        > The article also mentions that there were only 800 Linux users yesterday.

        It feels like a combinatoric thing - the userbase is sufficiently small (and was never officially supported), and building the relevant protection there would be difficult. The best Riot could do is a gesture of goodwill and refund cosmetics, à la Counter-Strike when they dropped macOS support, but even that would be excessive, given that you've likely had significant game time with these items (discussions about cosmetics themselves are probably best saved for another time).

        > Finally, while I haven't been keeping up with the latest news, Vanguard has gone under fire before for straight-up preventing people from running applications like Core Temp,

        They mentioned this within the article linked. They used to block vulnerable drivers (i.e. kernel level drivers that were exploitable, the theoretical doomsday situation portrayed for Vanguard), and now just prevent you from loading the game with them installed.

        > Does this mean that you could get banned for "cheating" on a single-player game while Riot games aren't running? What if you're using debuggers for development? Does that count as "cheating software"?

        Riot aim to simply crash the game process if you have debugging tools open, not ban you for having these tools open.

        Let's be clear here - this mistake happened for hardware-level cheating. It a) speaks to the demands that Vanguard has to deal with and b) is unlikely for regular users to ever run into.

        (Twitter link) Look at the ridiculousness of procedures Vanguard has forced users to run into to even try to cheat. That is the battle being fought.

        4 votes
      2. Tardigrade
        To answer your final point I imagine it does mean that but you can shut Vanguard down at any point and cheat all you want before rebooting to play League. Or at least that's how it seemed to explain it in the q and a.

      3. babypuncher
        > it uses TPM 2.0

        This would have been a problem 8 years ago, however support for this is ubiquitous today in any hardware capable enough to play modern games.

    2. babypuncher
      Overwatch manages to keep cheaters reasonably at bay without a kernel level anti-cheat.

      But I agree, the fear over these things is a bit overblown.

  2. [3]
    Crestwave
    I think it's interesting how much sense this article makes; it's not just a technical report, but a story. They're handling one of the most popular video games in the world and the move makes total sense. If I was in their shoes, I would probably do the same. And yet, I would definitely not install this on my computer. It's a tiny bit dystopian that way. :P

    Realistically, nothing much will probably come from this. It would just continue the downward trend towards normalizing increasingly closed computer environments. Or maybe we're on that rare timeline where a bug or vulnerability gets out and we get something spicier. Who knows.

    8 votes
    1. [2]
      Apos
      Well said. It's an arms race. I wonder what it will look like if every multiplayer game needs this kind of tech in the future.

      1 vote
      1. DefiantEmbassy
        I mean, we’re practically at that point right? Apex, Fortnite, Call of Duty, Battlefield, PUBG, Helldivers, basically any live service title is employing some level of kernel-level anti-cheat, no?

        2 votes
  3. Tardigrade
    The q and a that addresses the elephant in the room.

    > Q: What if I am personally incompatible with Vanguard?
    >
    > We get it, and we 100% respect your decision. Hopefully one day soon, the platforms our games run on will offer developers the security features required to prevent cheating without necessitating extracurricular software. However, if your beef is only about data privacy at Riot, running the game client or running Vanguard makes not one bit of difference. Data can still be retrieved from user-mode, and we're all engineers for the same studio with the same goals, none of which are collecting your personal information. If Riot hasn't earned your trust, do not run our software.

    6 votes
  4. [16]
    Eji1700
    I never got into League (started with Dota, League felt like a step down for a long time, and then developed in ways I don't enjoy), but I've kept an eye on this for a long time.

    The issue is that at the end of the day I know diddly about this stuff. I do know how some people who know more about it feel, and their stance has mostly been "fuck that". There are concerning implications about things like TPM and kernel level anticheat, and that's exactly why it doesn't work on things like Linux (as they acknowledge, but also point out there's apparently only 800 of them).

    Finally, as for trusting Riot, well that's the rub isn't it. It's a company. They can be completely trustworthy today, and then tomorrow one person at the top of the chain says "do this or quit" and it'll be done, and possibly with very few people even knowing it occurred. Given the level of access these systems give, I'm extremely hesitant to touch anything that uses them.

    4 votes
    1. [9]
      Crimson
      I would just like to note for anybody in the future who reads this, Vanguard is not the only kernel level anticheat. Easy Anti Cheat and BattlEye are both kernel level as well and are extremely common among games. Some less common ones include nProtect GameGuard, PunkBuster, XIGNCODE3, and Ricochet. People who complain about Vanguard being kernel level but don't complain about the multitude of others are uninformed about anti cheat software. All of them theoretically have the same permissions if I remember correctly.

      The big difference with Vanguard is that it runs at startup and stays on even while Valorant (and now League) is closed. The main problems with it from what I remember is that it (used to?) flag legitimate drivers on accident.

      13 votes
      1. [8]
        CptBluebear
        Isn't Vanguard one of the few of those that are entirely in-house?

        I can trust Arrowhead Game Studios all I want but nProtect isn't theirs, while Vanguard remains with Riot only. It's easier to see a malicious shift if it's first party.

        2 votes
        1. [7]
          Crimson
          Why would Vanguard being in house make it easier for a malicious shift? What specifically about Riot makes them more likely to push a malicious patch to Vanguard than INCA Internet pushing a malicious patch to nProtect?

          6 votes
          1. [2]
            CptBluebear
            No you misunderstood, see the shift as the consumer.

            Third party stuff like nProtect is super opaque and has nothing to do with Arrowhead being nice.

            That doesn't mean either is safer than the other, mind, but it's easier to see what Riot will do with your data in any changes to TOS.

            2 votes
            1. Crimson
              Ah I understand. In that case I actually agree with you.

          2. [4]
            Eji1700
            The fact that they're in complete control of the product end to end and can only be dropped by the end user, not a large corporation in between?

            1. [3]
              Crimson
              So what about that makes it more likely that Riot adds malicious code to Vanguard than INCA adding malicious code to nProtect?

              2 votes
              1. [2]
                Eji1700
                The end user is unlikely to have legal representation of the same caliber

                1. Crimson
                  That doesn't matter. You trust INCA to not add malicious code to their anticheat for whatever reason. You don't trust Riot to not add malicious code to their anticheat for whatever reason.

                  Why? What makes INCA more trustworthy in your eyes than Riot?

                  Just because there is an extra company between you and INCA is not a reason to trust them more. They are just as capable of adding malicious code to their anticheat as Riot is. You have absolutely no guarantee that Arrowhead or whatever other company between you and INCA won't be in on it with INCA either.

                  If you trust nProtect but don't trust Vanguard you are being inconsistent. Both are kernel level anticheats and both are just as likely to be malicious.

                  2 votes
    2. [6]
      papasquat
      Anticheat is a very, very hard problem to solve. Fundamentally, the goals of allowing users to have full control over their endpoints and controlling how those endpoints interact with network services are wholly incompatible, so my thoughts on PC anticheat are so horribly conflicted.

      I think both sides of the argument have a lot of half truths that get peddled. On the open source, freedom respecting side, I often hear the argument that you don't need kernel level anticheat, that it's not effective, and that there are much better, more effective ways to do what they want to do.

      That really isn't the case, as far as I've seen. I haven't seen any effective technique that allows a process to shield its memory from being read or manipulated by software running at a higher privilege level except for the software that prevents this from happening running at an even higher privilege level. Are there effective cheats that get around ring-0 anticheat? Yes, of course, but they're way harder to implement and require way more development expertise, and require letting some very shady characters have full, complete access to your computer.

      On the other hand, I hear hardcore gamers say that Linux users should stop whining and get over it, that Riot or Blizzard or EA are totally trustworthy, and what's the big deal, what do we have to hide anyway?

      Personally I'm very, very uncomfortable with a game developer having access to my computer at such a deep level that they can damage hardware if they wanted to or if they did something wrong. It shouldn't be a requirement to play a video game online.

      Ultimately I don't know what the solution is. I absolutely detest games with cheaters in them. It makes playing a competitive game feel totally pointless.

      The only real, true solution I could think of is having a dedicated, locked down "competitive gaming PC" platform that has a custom built OS with cryptographically signed hardware that cannot be modified without being detected, that is used for gaming, and only gaming, so it's not a big deal if it gets compromised. At that point though, you're basically just talking about a console, which also isn't my optimal way to play games.

      7 votes
      1. [5]
        Eji1700
        Speaking from an area of total ignorance:

        Would it be possible to have that be a sandboxed VM? My understanding is this is kinda how some anticheat stuff works? Although I guess that probably can't deal with someone using their mouse/keyboard to load things?

        1. [3]
          Apos
          I would suggest reading the article if you're interested, they answer pretty much everything and it's actually well written.

          3 votes
          1. [2]
            Eji1700
            I did read the article and the issue I have with it is that it's written from the perspective of people who appear to handwave some of the issues that I've heard others be very concerned about (mainly that no code should need kernel level access, that it shouldn't run at all times, that Linux's ethos is better, not worse for this, and that TPM is a Pandora's box to name a few).

            I don't have the expertise to say their "actually TPM is a good thing" argument is good or bad, but those I trust certainly don't seem to think so, and thus I'm unsure on the rest of it as well.

            And to call out an example:

            > Why is it always on?
            > Vanguard is not really "running all the time." The driver loads at boot, but nothing is making calls to it, and there's no network connectivity until you run one of Riot's games. It's literally just sitting there (menacingly), so that it can attest to the fact that nothing's happened between Windows loading and the game starting that would break the operating system.
            > When you launch League, the Vanguard client contacts the driver to confirm that it thinks everything is 100%, and if so, you receive a valid anti-cheat session and may connect to the game server. Instructions from the client then start enabling features within the driver to watch for things that might tamper with the signed League process and prevent them. You can always disable the driver whenever you'd like - you'll just need a fresh reboot to "recertify" the integrity of the trust chain before you jump into game.

            This... doesn't add up? It is running all the time if it's watching something. I have plenty of work apps that monitor things, and they 100% qualify as running all the time, and I don't see how this is different. The fact they claim "it's not really 'running all the time'" makes me suspicious as hell because, yes, yes it is. If you wanted you could say "it does run all the time but you can disable it and it's only viewing specific data" but that wouldn't be received as well, although it appears to be 100% true by their own words?

            3 votes
            1. Apos
              The article mentions that currently they lost the cat and mouse game with only server-side anti-cheat. They do some local obfuscation but that's only a matter of time for hackers to bypass and right now that game has been lost. A VM being client-side would have the same issues as long as you can't trust the client. Vanguard is a way to be able to trust the client moving forward. Based on other articles I've read in the past Vanguard is currently the best anti-cheat on the market and it gives a huge headache to hackers.

              TPM allows Vanguard to uniquely identify a machine. (I don't know much about it myself but it seems to be an API provided by Microsoft.)

              3 votes
        2. papasquat
          It isn't. If you have root on a machine, you have the keys to the kingdom. There's no way to stop you from having full visibility of everything that machine is doing, including any sort of "sandbox" you try to set up. At the end of the day, every process, whether it's virtualized, sandboxed, containerized, jailed or whatever other isolation technology you're using is writing bits to memory. Whoever has root on a system level has full visibility into that memory. There are memory obfuscation techniques, but there are also ways around those techniques.

          The only way to hide what a process is doing from a user is to not give that user root on their computer. Personally, I would never, ever buy a general use computer that I didn't get to have root on. That's why I say the only true way around this problem is some sort of locked down, limited platform, like a console.

          3 votes
  5. TypicalObserver
    Been playing League longer than most people now (early Season 2) and I'll probably be stepping away indefinitely now. I already have not played for several months but the game in general has taken a shitty turn with censorship and communication, and addressing issues that I don't care about compared to balance changes which should be taking priority. Had some of the most fun on this game, as well as some of the most frustrating moments of gaming on here as well.

    2 votes
  6. [2]
    Tardigrade
    The other interesting change as part of this is the TPM 2.0 requirement. I wonder how much of the playerbase that'll kill off as it means I won't be playing anymore.

    2 votes
    1. Apos
      It's not required if you're still on Windows 10.

      1 vote
  7. Apos
    Looks like Rioters have been answering questions in the Reddit thread for the same topic: https://www.reddit.com/r/leagueoflegends/comments/1c1kgrk/dev_vanguard_x_lol/. Rioters have the red Riot badge.

    1 vote
  8. whs
    My concern with these kernel space anticheats is security. The driver could have vulnerabilities that allow elevated system control without UAC prompt. Especially that the anticheat is often used to avoid implementing the basic security principle of don't trust the client inputs - speedhacks, fly, highscore cheats, or unlocking achievements for other players are cheats that should be detected as invalid inputs.

    If the anticheat only runs when the player enters online mode (and offers offline modes if applicable) and unloads itself after the play session completes then it should be acceptable to me.

    1 vote
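
The last comment argues that speedhacks, flying, high-score cheats and unlocking achievements for other players should be caught on the server as invalid inputs. The sketch below is an added example of that kind of check, not part of the thread and not any game's real code; the limits, point values, sample updates and function names are all assumptions made up for illustration.

```python
import math
from dataclasses import dataclass

# Assumed rules for a made-up game; a real server takes these from its own simulation.
MAX_SPEED = 7.0         # horizontal units per second
MAX_JUMP_HEIGHT = 2.5   # highest point reachable without flying
TOLERANCE = 1.10        # 10% slack for network jitter
POINTS = {"kill": 100, "assist": 50, "objective": 250}


@dataclass
class State:
    x: float
    y: float
    z: float   # height above ground
    t: float   # server receive time in seconds, never the client's own clock


def check_move(prev: State, new: State) -> list[str]:
    """Return the rule violations in one client-reported movement update."""
    dt = new.t - prev.t
    if dt <= 0:
        return ["non-monotonic timestamp"]   # replayed or reordered update
    problems = []
    if math.hypot(new.x - prev.x, new.y - prev.y) > MAX_SPEED * dt * TOLERANCE:
        problems.append("speed")
    if new.z > MAX_JUMP_HEIGHT * TOLERANCE:
        problems.append("altitude")
    return problems


def replay(updates: list[State]) -> list[tuple[int, list[str]]]:
    """Apply updates in order; a rejected update does not move the authoritative state."""
    accepted = updates[0]
    rejected = []
    for i, update in enumerate(updates[1:], start=1):
        problems = check_move(accepted, update)
        if problems:
            rejected.append((i, problems))
        else:
            accepted = update
    return rejected


def authoritative_score(events: list[str]) -> int:
    """Recompute the score from events the server observed; unknown event types count for nothing."""
    return sum(POINTS[e] for e in events if e in POINTS)


def check_score(claimed: int, events: list[str]) -> bool:
    """A client-submitted total is only accepted if it matches the server's own sum."""
    return claimed == authoritative_score(events)


def may_unlock(session_player: str, target_player: str, achievement: str,
               earned: dict[str, set[str]]) -> bool:
    """Unlock only for the authenticated player, and only what the server recorded as earned."""
    return (session_player == target_player
            and achievement in earned.get(target_player, set()))


# Constructed sample: update 2 teleports 50 units in one second, update 4 hovers at z=30.
SAMPLE = [
    State(0, 0, 0, 0.0),
    State(3, 4, 0, 1.0),
    State(33, 44, 0, 2.0),
    State(6, 8, 0, 2.0),
    State(7, 8, 30, 2.5),
    State(7, 9, 0, 3.0),
]

if __name__ == "__main__":
    for index, problems in replay(SAMPLE):
        print(f"update {index} rejected: {', '.join(problems)}")
```
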